From eace5290f14dfb1929e8508ee5757255f3060d33 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 28 Mar 2017 05:43:15 +0100 Subject: firefox : version bump --- .../firefox/files/firefox-47.0-crashreporter.patch | 27 ---------------- ...47.0-define-HUNSPELL_STATIC-conditionally.patch | 8 ----- .../firefox/files/fix_hardened_pie_detection.patch | 36 ++++++++++++++++++++++ .../files/mozilla_configure_regexp_esr.patch | 32 +++++++++++++++++++ www-client/firefox/files/update_h2_curve.patch | 30 ++++++++++++++++++ 5 files changed, 98 insertions(+), 35 deletions(-) delete mode 100644 www-client/firefox/files/firefox-47.0-crashreporter.patch delete mode 100644 www-client/firefox/files/firefox-47.0-define-HUNSPELL_STATIC-conditionally.patch create mode 100644 www-client/firefox/files/fix_hardened_pie_detection.patch create mode 100644 www-client/firefox/files/mozilla_configure_regexp_esr.patch create mode 100644 www-client/firefox/files/update_h2_curve.patch (limited to 'www-client/firefox/files') diff --git a/www-client/firefox/files/firefox-47.0-crashreporter.patch b/www-client/firefox/files/firefox-47.0-crashreporter.patch deleted file mode 100644 index 7b3bf3da..00000000 --- a/www-client/firefox/files/firefox-47.0-crashreporter.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- a/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc -+++ b/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc -@@ -920,10 +920,9 @@ string FormatIdentifier(unsigned char identifier[16]) { - // Return the non-directory portion of FILENAME: the portion after the - // last slash, or the whole filename if there are no slashes. - string BaseFileName(const string &filename) { -- // Lots of copies! basename's behavior is less than ideal. -- char* c_filename = strdup(filename.c_str()); -- string base = basename(c_filename); -- free(c_filename); -+ const char *c_filename = filename.c_str(); -+ const char *p = strrchr(c_filename, '/'); -+ string base = p ? p+1 : c_filename; - return base; - } - ---- a/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h -+++ b/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h -@@ -3851,7 +3851,7 @@ struct kernel_statfs { - return -1; - } - } -- #if defined(__x86_64__) -+ #if defined(__x86_64__) && defined(__ILP32__) - /* Need to make sure loff_t isn't truncated to 32-bits under x32. */ - LSS_INLINE ssize_t LSS_NAME(pread64)(int f, void *b, size_t c, loff_t o) { - LSS_BODY(4, ssize_t, pread64, LSS_SYSCALL_ARG(f), LSS_SYSCALL_ARG(b), diff --git a/www-client/firefox/files/firefox-47.0-define-HUNSPELL_STATIC-conditionally.patch b/www-client/firefox/files/firefox-47.0-define-HUNSPELL_STATIC-conditionally.patch deleted file mode 100644 index f7fb3b30..00000000 --- a/www-client/firefox/files/firefox-47.0-define-HUNSPELL_STATIC-conditionally.patch +++ /dev/null @@ -1,8 +0,0 @@ ---- a/extensions/spellcheck/hunspell/glue/moz.build -+++ b/extensions/spellcheck/hunspell/glue/moz.build -@@ -38,4 +38,4 @@ if CONFIG['GNU_CXX']: - - # This variable is referenced in configure.in. Make sure to change that file - # too if you need to change this variable. --DEFINES['HUNSPELL_STATIC'] = True -+DEFINES['HUNSPELL_STATIC'] = not CONFIG['MOZ_NATIVE_HUNSPELL'] diff --git a/www-client/firefox/files/fix_hardened_pie_detection.patch b/www-client/firefox/files/fix_hardened_pie_detection.patch new file mode 100644 index 00000000..7cc74cd1 --- /dev/null +++ b/www-client/firefox/files/fix_hardened_pie_detection.patch @@ -0,0 +1,36 @@ +From: Jory A. Pratt + +CFLAGS must contain -fPIC when checking the linker + +https://bugs.gentoo.org/show_bug.cgi?id=607350 + +diff --git a/build/autoconf/compiler-opts.m4 b/build/autoconf/compiler-opts.m4 +--- a/build/autoconf/compiler-opts.m4 ++++ b/build/autoconf/compiler-opts.m4 +@@ -263,23 +263,26 @@ fi + + MOZ_ARG_ENABLE_BOOL(pie, + [ --enable-pie Enable Position Independent Executables], + MOZ_PIE=1, + MOZ_PIE= ) + + if test "$GNU_CC" -a -n "$MOZ_PIE"; then + AC_MSG_CHECKING([for PIE support]) ++ _SAVE_CFLAGS=$CFLAGS ++ CFLAGS="$CFLAGS -fPIC" + _SAVE_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -pie" + AC_TRY_LINK(,,AC_MSG_RESULT([yes]) + [MOZ_PROGRAM_LDFLAGS="$MOZ_PROGRAM_LDFLAGS -pie"], + AC_MSG_RESULT([no]) + AC_MSG_ERROR([--enable-pie requires PIE support from the linker.])) + LDFLAGS=$_SAVE_LDFLAGS ++ CFLAGS=$_SAVE_CFLAGS + fi + + AC_SUBST(MOZ_PROGRAM_LDFLAGS) + + dnl ASan assumes no symbols are being interposed, and when that happens, + dnl it's not happy with it. Unconveniently, since Firefox is exporting + dnl libffi symbols and Gtk+3 pulls system libffi via libwayland-client, + dnl system libffi interposes libffi symbols that ASan assumes are in diff --git a/www-client/firefox/files/mozilla_configure_regexp_esr.patch b/www-client/firefox/files/mozilla_configure_regexp_esr.patch new file mode 100644 index 00000000..9e165ff9 --- /dev/null +++ b/www-client/firefox/files/mozilla_configure_regexp_esr.patch @@ -0,0 +1,32 @@ +From: Jory A. Pratt + +Note: the first occurrence of :space: is [:space:] (with a single pair +of []), where it should be [[:space:]] (with two pairs of []). + +This causes the sed command to fail (with the error message quoted in +my original report), driving to failure the whole configure step. + +https://bugzilla.mozilla.org/show_bug.cgi?id=1329252 + +diff --git a/build/autoconf/icu.m4 b/build/autoconf/icu.m4 +--- a/build/autoconf/icu.m4 ++++ b/build/autoconf/icu.m4 +@@ -68,17 +68,17 @@ if test -n "$USE_ICU"; then + icudir="$_topsrcdir/intl/icu/source" + if test ! -d "$icudir"; then + icudir="$_topsrcdir/../../intl/icu/source" + if test ! -d "$icudir"; then + AC_MSG_ERROR([Cannot find the ICU directory]) + fi + fi + +- version=`sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"` ++ version=`sed -n 's/^[[[:space:]]]*#[[:space:]]*define[[:space:]][[:space:]]*U_ICU_VERSION_MAJOR_NUM[[:space:]][[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$icudir/common/unicode/uvernum.h"` + if test x"$version" = x; then + AC_MSG_ERROR([cannot determine icu version number from uvernum.h header file $lineno]) + fi + MOZ_ICU_VERSION="$version" + + if test "$OS_TARGET" = WINNT; then + MOZ_SHARED_ICU=1 + fi diff --git a/www-client/firefox/files/update_h2_curve.patch b/www-client/firefox/files/update_h2_curve.patch new file mode 100644 index 00000000..a1f0ffae --- /dev/null +++ b/www-client/firefox/files/update_h2_curve.patch @@ -0,0 +1,30 @@ +From: Franziskus Kiefer + +Update keybits in H2 + +https://bugzilla.mozilla.org/show_bug.cgi?id=1290037 + +diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp +--- a/netwerk/protocol/http/Http2Session.cpp ++++ b/netwerk/protocol/http/Http2Session.cpp +@@ -3516,18 +3516,18 @@ Http2Session::ConfirmTLSProfile() + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + uint32_t keybits = ssl->GetKEAKeyBits(); + if (kea == ssl_kea_dh && keybits < 2048) { + LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to DH %d < 2048\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); +- } else if (kea == ssl_kea_ecdh && keybits < 256) { // 256 bits is "security level" of 128 +- LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 256\n", ++ } else if (kea == ssl_kea_ecdh && keybits < 224) { // see rfc7540 9.2.1. ++ LOG3(("Http2Session::ConfirmTLSProfile %p FAILED due to ECDH %d < 224\n", + this, keybits)); + RETURN_SESSION_ERROR(this, INADEQUATE_SECURITY); + } + + int16_t macAlgorithm = ssl->GetMACAlgorithmUsed(); + LOG3(("Http2Session::ConfirmTLSProfile %p MAC Algortihm (aead==6) %d\n", + this, macAlgorithm)); + if (macAlgorithm != nsISSLSocketControl::SSL_MAC_AEAD) { -- cgit v1.2.3